Skip to content
/ GitTrust Public

GitTrust (GT): Enhanced S/MIME Commit Signing with Device Authentication

License

GPL-3.0 license
2 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

austinsonger/GitTrust

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

56 Commits

.github/workflows

.github/workflows

 
 

images

images

 
 

jamf

jamf

 
 

jumpcloud

jumpcloud

 
 

kandji

kandji

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

GitTrust (GT): Enhanced S/MIME Commit Signing with Device Authentication

Inspired By: FIGMA

To proactively mitigate the risk of malicious code reaching production, GitTrust ensures that code changes merged into GitHub release branches come from trusted, company-managed devices. It does this by S/MIME signing for Git commits in an environment where devices are managed by MDM and access control is managed by Okta. It ensures that only compliant devices can make signed commits to Git repositories.

PROJECT-WIDE TO-DO

  • Issue X.509 Okta Device Trust certificates to MacBooks from an Amazon Private Certificate Authority (CA) (The certificates will be distributed through MDM, renew every 30 days, and attest that a laptop meets Endpoint Security Baseline criteria at the time they’re issued.)

MDM

Signing Commits with Device Trust Certificates

Verifying Signatures with AWS Lambda and GitHub Apps

Verifying Bot-authored Commits

About

GitTrust (GT): Enhanced S/MIME Commit Signing with Device Authentication

Topics

okta jumpcloud jamf kandji

Resources

Readme

License

GPL-3.0 license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Languages